[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 15134 Download | Alert*

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return "/" instead of "". This could impact services that restrict the user"s filesystem access to within their home directory through chroot etc. All versions before 2.1 are vulnerable.

includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.

A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user"s session.

A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in ...

In NetKit through 0.17, rcp.c in the rcp client allows remote rsh servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. This is similar to CVE-2018-20685.

An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of "*" characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return "/" instead of "" . This could impact services that restrict the user"s filesystem access to within their home directory through chroot etc. All versions before 2.1 are vulnerable.

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server"s user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options


Pages:      Start    631    632    633    634    635    636    637    638    639    640    641    642    643    644    ..   1513

© SecPod Technologies